Available starting with FlowX.AI 5.5.0
The Organization Manager is a new microservice responsible for organization and tenant management, including user registration, organization lifecycle, and platform component health monitoring.
Dependencies
Before setting up the Organization Manager, ensure you have the following dependencies in place:
- PostgreSQL database for storing organization and tenant data
- Kafka for event-driven communication with other FlowX.AI services
- Redis for caching
- Keycloak (or compatible OAuth2 provider) for authentication and authorization
- SpiceDB for fine-grained authorization
Infrastructure prerequisites
| Component | Description |
|---|---|
| PostgreSQL | Dedicated database for organization data |
| Kafka | Message broker for inter-service communication |
| Redis | Caching layer for improved performance |
| Keycloak | Identity provider for service authentication |
| SpiceDB | Authorization service for fine-grained access control |
Configuration
Authorization configuration
| Environment Variable | Description | Default Value |
|---|---|---|
| SECURITY_TYPE | Security type | jwt-public-key |
| SECURITY_OAUTH2_BASE_SERVER_URL | Base URL of the OAuth2/OIDC server | - |
| SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_CLIENTID | Client ID for service account | flowx-organization-manager-sa |
| SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_CLIENTSECRET | Client secret for service account | - |
| SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_MAINAUTHPROVIDER_TOKEN_URI | Provider token URI | ${SECURITY_OAUTH2_BASE_SERVER_URL}/realms/${SECURITY_OAUTH2_SA_REALM}/protocol/openid-connect/token |
PostgreSQL configuration
The Organization Manager uses its own dedicated PostgreSQL database.
| Environment Variable | Description | Default Value |
|---|---|---|
| SPRING_DATASOURCE_URL | JDBC connection URL for PostgreSQL | jdbc:postgresql://postgresql:5432/organization_manager |
| SPRING_DATASOURCE_USERNAME | Database username | postgres |
| SPRING_DATASOURCE_PASSWORD | Database password | - |
Ensure the database is created before deploying the service. The Organization Manager will manage its own schema migrations via Liquibase.
Redis configuration
The Organization Manager uses Redis for caching. Configure the Redis connection using the standard Redis environment variables.
Quick reference:
| Environment Variable | Description | Default Value |
|---|---|---|
| SPRING_REDIS_HOST | Redis server hostname | redis-master |
| SPRING_REDIS_PORT | Redis server port | 6379 |
| SPRING_REDIS_PASSWORD | Redis authentication password | - |
For complete Redis configuration including Sentinel mode, Cluster mode, and SSL/TLS setup, see the Redis Configuration guide.
Kafka configuration
Core Kafka settings
| Environment Variable | Description | Default Value |
|---|---|---|
| SPRING_KAFKA_BOOTSTRAP_SERVERS | Address of the Kafka server(s) | localhost:9092 |
| KAFKA_MESSAGE_MAX_BYTES | Maximum message size (bytes) | 52428800 (50 MB) |
Topic naming configuration
| Environment Variable | Description | Default Value |
|---|---|---|
| KAFKA_TOPIC_NAMING_PACKAGE | Package prefix for topic names | ai.flowx. |
| KAFKA_TOPIC_NAMING_ENVIRONMENT | Environment segment for topic names | |
| KAFKA_TOPIC_NAMING_VERSION | Version suffix for topic names | .v1 |
| KAFKA_TOPIC_NAMING_SEPARATOR | Primary separator for topic names | . |
| KAFKA_TOPIC_NAMING_SEPARATOR2 | Secondary separator for topic names | - |
Kafka topics
The Organization Manager publishes organization lifecycle events:
| Environment Variable | Description | Default Value |
|---|---|---|
| KAFKA_TOPIC_ORGANIZATION_EVENTS_OUT | Topic for organization lifecycle events | ai.flowx.organization.events.v1 |
CAS lib configuration (SpiceDB)
| Environment Variable | Description | Default Value |
|---|---|---|
| FLOWX_LIB_CASCLIENT_SPICEDB_HOST | SpiceDB hostname | spicedb |
| FLOWX_LIB_CASCLIENT_SPICEDB_PORT | SpiceDB gRPC port | 50051 |
| FLOWX_LIB_CASCLIENT_SPICEDB_TOKEN | SpiceDB authentication token | - |
Logging configuration
| Environment Variable | Description | Default Value |
|---|---|---|
| LOGGING_LEVEL_ROOT | Root logging level | INFO |
| LOGGING_LEVEL_APP | Application-specific log level | INFO |
Multipart upload configuration
| Environment Variable | Description | Default Value |
|---|---|---|
| MULTIPART_MAX_FILE_SIZE | Maximum file size per upload | 50MB |
| MULTIPART_MAX_REQUEST_SIZE | Maximum total request size | 50MB |
Secrets management
The Organization Manager requires several secrets to be configured. These should be stored securely and referenced via Kubernetes secrets or a secrets management solution.
| Secret Name | Description |
|---|---|
SPRING_DATASOURCE_PASSWORD | PostgreSQL database password |
SPRING_REDIS_PASSWORD | Redis authentication password |
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_CLIENTSECRET | Keycloak service account secret |
FLOWX_LIB_CASCLIENT_SPICEDB_TOKEN | SpiceDB authentication token |
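The following manifest is an added example, not taken from the FlowX.AI documentation or charts. It shows one way to keep the four secrets listed above out of the Deployment spec by loading them from a Kubernetes Secret. The Secret name, Deployment name, labels, image reference, and all values in angle brackets are hypothetical placeholders.

```yaml
# Added example: names marked hypothetical and values in <...> are assumptions.
apiVersion: v1
kind: Secret
metadata:
  name: organization-manager-secrets   # hypothetical Secret name
type: Opaque
stringData:
  # Placeholders: supply real values from your secrets manager at deploy time
  # and keep this object out of version control.
  SPRING_DATASOURCE_PASSWORD: "<postgres-password>"
  SPRING_REDIS_PASSWORD: "<redis-password>"
  SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_MAINIDENTITY_CLIENTSECRET: "<service-account-secret>"
  FLOWX_LIB_CASCLIENT_SPICEDB_TOKEN: "<spicedb-token>"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: organization-manager           # hypothetical
spec:
  selector:
    matchLabels:
      app: organization-manager
  template:
    metadata:
      labels:
        app: organization-manager
    spec:
      containers:
        - name: organization-manager
          image: "<registry>/<organization-manager-image>:<tag>"  # placeholder
          env:
            # Non-secret settings can stay inline.
            - name: SPRING_DATASOURCE_URL
              value: jdbc:postgresql://postgresql:5432/organization_manager
            # Weak: an inline literal is visible to anyone who can read the Deployment.
            # - name: SPRING_DATASOURCE_PASSWORD
            #   value: "<password-in-plain-text>"
          envFrom:
            # Corrected: every key in the Secret becomes an environment
            # variable of the same name inside the container.
            - secretRef:
                name: organization-manager-secrets
```

Restrict read access to the Secret with RBAC, since anyone who can read it can recover the stored values.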